Cybersecurity Best Practices for Your Canadian Business

Nicholas J Price
Businesses of every size have to be aware of the potential for becoming a target of economic crimes. In recent years, Canadian businesses have been prime targets for crimes such as asset misappropriation, consumer fraud and cybercrime.

The prevalence of cybercrime is creating an urgency for companies to use data to be innovative and take advantage of new technologies to protect themselves, their shareholders and their reputations. An increase in cybercrime means that Canadian companies must be more vigilant regarding cyber risks.

Companies are realizing the enormous risk of cybercrime as they count the cost of such crime in dollars, trust and reputation. The high cost has them looking for cost-effective ways to invest in people and technology to fight fraud and proactively manage risk.

Cybercrime Concerns Rising in Canada

According to PwC Canada's most recent Economic Crime and Fraud Survey, cybercrime against Canadian companies reached its highest level within the last five years. Companies have identified three distinct sources of cybercrime: external actors, internal actors and consumers. These statistics show why companies should be concerned. According to the survey:

  • Around 46% of Canadian companies admitted to experiencing cybercrime on some level since 2016 (this percentage compares with 31% of global companies).
  • About 55% of companies acknowledged suffering fraud over the last two years (up from 37% two years earlier).
  • Around 48% of Canadian corporate representatives said they anticipated that cybercrime would be the top disruptive concern for their business in the coming two years.
  • External actors committed fraud in 58% of Canadian companies.
  • About 47% of external actors who committed fraud were connected with the company as agents, shared-service providers, vendors and customers.
  • About 32% of cybercrime was due to asset misappropriation.
  • 29% of companies stated that cybercrime had disrupted their business processes.
  • About 23% of companies reported being victims of extortion.

The statistics also revealed how cybercriminals attacked their systems:

  • About 58% of the attackers conducted phishing schemes.
  • 45% of Canadian systems became infected with malware.
  • About 20% of companies were victims of network scanning.

Companies were often surprised to learn that one of their biggest threats was people they do business with on a regular basis: groups and individuals termed 'frenemies.' Just over a third of companies were also alarmed to learn that their own employees had betrayed them by participating in cybercrime. The third-most-reported crime is consumer crime, which includes such issues as credit card fraud, insurance fraud and mortgage fraud. Knowing the sources of cybercrime alerts companies to the need for a multifaceted approach to battling crime.

Best Practices for Cybersecurity

The growing concerns over cyber threats prompted Canadian businesses to form the Cyber Canada Senior Leadership Summit in March 2018. The group met in Toronto to bring together thought leaders to address evolving cyber threats and to share philosophies on how companies can best protect their assets, businesses and people.

Several themes resounded from the summit. Canadian leaders agreed that the best way to combat cybersecurity threats was to find new ways of collaborating on how to bolster cybersecurity measures across industries, between industries and governments, and internationally between states.

How National Strategies Can Mitigate Risk

The group came up with some innovative concepts about how national strategies could help companies mitigate the risk of cyber threats.

First, the best defense is preparation. Corporate boards need to anticipate and prepare scenarios for how to respond to threats if they should occur.

Second, boards need to identify and outline their defense strategies, not only for their companies, but also for Canada's critical national assets such as the military, research institutes and hospitals, oil and gas suppliers, food chains and national financial operations.

Third, companies need to view cyberattacks as operational risks as well as IT risks. Companies should identify and detail contingency operational plans. They will need a strong response from senior leaders to be able to make the switch from repairing damage to preventing it.

Fostering Technology Talent to Build and Sustain Cyber-Resilience

Members of the summit also recognized that Canada has the advantage of already being a leader in much of the artificial intelligence research that's behind cybersecurity. Staying ahead in this expertise will require creating a new workforce of technology talent nationally to increase resilience to cyberattacks.

National leaders want to create, train and retain a robust workforce of technological experts within their national boundaries, rather than recruit experts from around the globe. This prospect will require companies to work with educational leaders to tailor university and college curricula to prepare graduates with practical experience for attractive career paths in cybersecurity. Putting this idea into practice will require collaboration between governments, businesses and educational institutions.

CISOs Have Helped to Improve Cybersecurity Practices

One of the reasons that Canada is being targeted for cybercrime is that criminals are aware that Canada lags behind other countries in the use of emerging technology and advanced analytics to predict, monitor and detect economic crime.

Governments are increasingly seeking to hold board directors and senior executives accountable for data breaches. This pressure is prompting Canadian companies to step up their efforts to predict how fraud happens and how it could impact their operations and reputations.

Many Canadian companies have found that hiring a Chief Information Security Officer (CISO) is a good first step toward implementing robust cybersecurity plans. CISOs have been instrumental in helping Canadian companies to take appropriate and timely steps to improve cybersecurity over the last two years. About 65% of Canadian companies reported that they now have a fully operational response plan in place. The benefits of technology to mitigate risk can help organizations focus their efforts on areas where fraud happens, as well as predict how fraud could impact them.

In addition to making strong moves to increase the nation's pool of technology experts, members of the summit also recognized that companies need to address issues with internal actors. Currently, about 69% of Canadian companies have instituted a formal business and ethics compliance program, which is a strong move in the right direction.

Summit leaders hit on some new perspectives on how to address cybersecurity issues. Time will tell if they form the necessary system collaboration to follow through with their ideas and if those efforts reduce the current trend toward cyber threats.
Nicholas J. Price
Nicholas J. Price is a former Manager at Diligent. He has worked extensively in the governance space, particularly on the key governance technologies that can support leadership with the visibility, data and operating capabilities for more effective decision-making.